Create codeql-analysis.yml

[caniszczyk]

Add CodeQL scanning for umoci to try it out!

Signed-off-by: Chris Aniszczyk [email protected]

[cyphar]

You need to add a Signed-off-by: line to your commit(s) which indicates that you attest the Developer Certificate of Origin a statement about your contributions that you must read before signing (don't worry, it's quite short and easy-to-read). You can add it to your commits with git commit --amend -s, and then doing a git push --force.

NOTE: This is a saved reply. Sorry if it reads as a cookie-cutter response, it was written so that newcomers understand what a "DCO" is and make the process for contributing a little less scary.

[caniszczyk]

ah jfc, I will fix that

…

On Thu, Jun 25, 2020 at 5:07 PM Aleksa Sarai ***@***.***> wrote: You need to add a Signed-off-by: line to your commit(s) which indicates that you attest the Developer Certificate of Origin <https://developercertificate.org/> a statement about your contributions that you *must read* before signing (don't worry, it's quite short and easy-to-read). You can add it to your commits with git commit --amend -s, and then doing a git push --force. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#333 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAPSIM2LKS5UKF57RQI7E3RYPDBZANCNFSM4OIVDN6Q> .

-- Cheers, Chris Aniszczyk http://aniszczyk.org +1 512 961 6719

[caniszczyk]

@cyphar this is what I get from using the github ui to add code scanning tools to the build

[cyphar]

LGTM.

[cyphar]

Closing in favour of #559.